<?php
	session_start();
	require('include/inc.check_referer.php');


if (isset($_POST['email']) && !empty ($_POST['email'])) {
	//  Developed by Roshan Bhattarai
	//  Visit http://roshanbh.com.np for this script and more.
	//  This notice MUST stay intact for legal use

	// connection settings stored in file
	include("include/connectionParameters.php");

	$connection = mysql_connect($host,$user,$pass)
		or die ("Can't connect to server, try again later, please");

	//connect to this db
	mysql_select_db($database);

	//get the posted values
	$email = htmlspecialchars($_POST['email'], ENT_QUOTES);

	//now validating username and password and status
	$sql = 'SELECT `userId` FROM `Users`'
		. ' WHERE `email` ="' . mysql_real_escape_string($email) . '" AND `active` = 1 LIMIT 1';
	$result = mysql_query($sql);
	$row = mysql_fetch_array($result);

	//if username exists
	if(mysql_num_rows($result) > 0) {
		require ('include/inc.restore_pass.php');

		$pass = create_rand_str();
		mysql_query('UPDATE `Users` SET `password` = MD5("' . $pass . '") WHERE `userId` = ' . $row['userId'] . ' LIMIT 1');

		send_restore_email($email, $pass);
		echo '{"status": 1, "message": "New password was sent to ' . $email . '."}';
	} else {
		echo '{"status": 0, "message": "Provided email was not found."}';//invalid email
	}
} else {
	die('{"status": 0, "message": "Error occured. No email provided."}');
}
?>